Trojan horse

juisterr
10 answers
  • Can someone help me? There is a Trojan horse on the computer at my work. We have the AVAST virus scanner there. It always warns that there is a Trojan horse and tells us to put it in the chest. We do what the virus scanner says, BUT … after some time the warning comes back.

    Thanks in advance!!!
  • Does avast also give information about exactly which trojan it is? You could take a look with another antivirus. Or do an online scan. Trojans are often visible in a HijackThis log as well. So you could post one here.
  • Thanks in advance for your reply! The name of the Trojan is: win32:TratBHO (Trj). Each time it appears in a different file.
    Can you tell me how to make such a HijackThis log? Then I'll gladly post it online.
    Greetings!
    Chris
  • I managed to make such a HijackThis log after all. Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:18:26, on 29/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\cbxvtss.dll
    O2 - BHO: (no name) - {D78E2970-1B36-490C-8C5A-73D84D8B1448} - C:\Program Files\Adobe\mesovicuC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: cbxvtss - C:\WINDOWS\SYSTEM32\cbxvtss.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    End of file - 7823 bytes
  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\cbxvtss.dll
    O2 - BHO: (no name) - {D78E2970-1B36-490C-8C5A-73D84D8B1448} - C:\Program Files\Adobe\mesovicuC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O20 - Winlogon Notify: cbxvtss - C:\WINDOWS\SYSTEM32\cbxvtss.dll

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Then press Apply followed by OK.

    Delete the following files:
    C:\WINDOWS\system32\cbxvtss.dll

    Download Java Runtime Environment (JRE) 6u4.
    - Scroll down to: "Java Runtime Environment (JRE) 6u4".
    - Click the "Download" button on the right-hand side.
    - In the drop-down menu to the right of Platform, select Windows
    - Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
    - The page will reload.
    - Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
    - Close all programs that may be open - especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
    - Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or delete them!
    - Double-click Combofix.exe
    - Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.
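As an added example (not code from this thread or from any of the tools named in it), the Python script below applies the same kind of reasoning a helper uses when picking entries out of a HijackThis log: it parses the R0/R1, O2, O4 and O20 lines, flags the patterns visible in the log above (a BHO with no name or a missing file, a Winlogon Notify hook to an unrecognised DLL, a Run entry that starts a random-looking executable from the Windows root with a long hex argument, an IE setting pointing at a bare relative path) and notes when one file shows up under several entry types, as cbxvtss.dll does. The allowlist, the name heuristic and the log excerpt are constructed assumptions; the ALCXMNTR.EXE entry selected above is a judgement call these heuristics do not reproduce.

```python
"""Heuristic triage of a HijackThis v2 log. Added example; the allowlist, the
name heuristic and the sample excerpt are assumptions made for illustration."""
import re

# Constructed excerpt of the first log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\cbxvtss.dll
O2 - BHO: (no name) - {D78E2970-1B36-490C-8C5A-73D84D8B1448} - C:\Program Files\Adobe\mesovicuC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: cbxvtss - C:\WINDOWS\SYSTEM32\cbxvtss.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Winlogon Notify DLLs that are normally legitimate on XP (assumed allowlist).
KNOWN_NOTIFY_DLLS = {"igfxcui.dll", "wgalogon.dll", "sclgntfy.dll"}
WINDOWS_ROOT = "c:\\windows"
ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
CMD = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll))"?(?:\s+(.*))?$', re.IGNORECASE)
HEX_ARG = re.compile(r"\b[0-9A-Fa-f]{32,}\b")  # long opaque argument, as on the runner1 line


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, HijackThis suffix stripped."""
    return path.replace(" (file missing)", "").strip().rsplit("\\", 1)[-1].lower()


def looks_random(stem: str) -> bool:
    """True for names like 'cbxvtss' or 'mrofinu572': few vowels, or a digit tail."""
    m = re.fullmatch(r"([a-z]{4,12})(\d*)", stem.lower())
    if not m:
        return False
    letters, digits = m.groups()
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.3 or len(digits) >= 3


def check_entry(kind: str, body: str) -> tuple[list[str], str]:
    """Return (reasons, file basename) for the text after 'Oxx - ' on one log line."""
    reasons, name = [], ""
    if kind == "O2":  # browser helper object: "BHO: <name> - {CLSID} - <dll>"
        parts = body.split(" - ")
        if parts[0] == "BHO: (no name)":
            reasons.append("BHO registered without a name")
        if parts[-1].endswith("(file missing)"):
            reasons.append("BHO points at a file that no longer exists")
        name = basename(parts[-1])
    elif kind == "O4":  # autostart: "HKLM\..\Run: [label] <command>"
        m = CMD.match(body.partition("] ")[2])
        if m:  # bare names such as 'AGRSMMSG.exe' carry no path and are skipped
            exe, args = m.group(1), m.group(2) or ""
            directory, _, fname = exe.rpartition("\\")
            name = fname.lower()
            if directory.lower() == WINDOWS_ROOT and looks_random(fname.rsplit(".", 1)[0]):
                reasons.append("random-looking executable started from the Windows root")
            if HEX_ARG.search(args):
                reasons.append("long hexadecimal command-line argument")
    elif kind == "O20":  # "Winlogon Notify: <key> - <dll>", loaded by winlogon.exe
        name = basename(body.split(" - ")[-1])
        if name not in KNOWN_NOTIFY_DLLS:
            reasons.append("Winlogon Notify hook not on the allowlist")
    elif kind in ("R0", "R1") and body.partition(" = ")[2].startswith("\\"):
        reasons.append("IE setting points at a bare relative path")
    return reasons, name


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Flag suspicious entries and note files that recur under several entry types."""
    checked = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            reasons, name = check_entry(m.group(1), m.group(2))
            checked.append((m.group(1), raw.strip(), reasons, name))
    kinds_by_file: dict[str, set[str]] = {}
    for kind, _, _, name in checked:
        if name:
            kinds_by_file.setdefault(name, set()).add(kind)
    result = []
    for kind, line, reasons, name in checked:
        others = kinds_by_file.get(name, set()) - {kind}
        if reasons and others:  # e.g. cbxvtss.dll is both a BHO and a Winlogon hook
            reasons = reasons + ["same file also hooked via " + ", ".join(sorted(others))]
        if reasons:
            result.append((line, reasons))
    return result


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line + "\n    -> " + "; ".join(reasons))
```

Run against the excerpt it flags exactly the Local Page, the two nameless BHOs, the runner1 entry and the Winlogon hook, and leaves the Adobe, QuickTime, ctfmon and avast lines alone.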
  • Dear Juisterr,
    I did the first part of what you asked, but I cannot delete the file c:\windows\system32\cbxvtss.dll. It says the file is in use, even though all programs are closed.

    Chris
  • Just try to do the rest anyway, Chris.
  • Dear Juisterr,

    I have done everything else that was on your list, and these are the two logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:42:55, on 29/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\hpdj3600.exe (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    End of file - 7277 bytes

    ComboFix 08-01-29.3 - HP_Eigenaar 2008-01-29 13:33:03.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.191 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cbxvtss.dll
    D:\Autorun.inf
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Temporary
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b128.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\cbxvtss.dll
    C:\WINDOWS\system32\ddcdbyy.dll
    C:\WINDOWS\system32\pac.txt
    D:\Autorun.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))
    .

    2008-01-29 11:11 . 2007-01-15 09:09 122,463 –a—— C:\WINDOWS\hpdj3600.hi1
    2008-01-29 11:11 . 2007-01-15 09:09 7,366 –a—— C:\WINDOWS\hpdj3600.bu1
    2008-01-29 10:51 . 2008-01-29 10:51 <DIR> d——– C:\Program Files\Java
    2008-01-29 10:51 . 2008-01-29 10:51 <DIR> d——– C:\Program Files\Common Files\Java
    2008-01-29 10:51 . 2007-12-14 01:59 69,632 –a—— C:\WINDOWS\system32\javacpl.cpl
    2008-01-29 09:46 . 2008-01-29 09:44 102,664 –a—— C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-01-29 08:17 . 2008-01-29 08:17 <DIR> d——– C:\Program Files\Trend Micro
    2008-01-28 15:30 . 2008-01-29 09:55 <DIR> d——– C:\Documents and Settings\HP_Eigenaar\.housecall6.6
    2008-01-28 15:10 . 2008-01-29 08:05 <DIR> d——– C:\Program Files\NoAdware5.0
    2008-01-28 08:11 . 2008-01-28 08:29 <DIR> d——– C:\Program Files\Dot1XCfg
    2008-01-25 10:06 . 2008-01-25 10:06 <DIR> d——– C:\WINDOWS\system32\uwcee9
    2008-01-25 10:05 . 2008-01-25 10:06 <DIR> d——– C:\WINDOWS\system32\aee1
    2008-01-25 10:05 . 2008-01-25 10:05 <DIR> d——– C:\temp\gTiis19
    2008-01-25 10:05 . 2008-01-25 10:05 224,758 –a—— C:\temp\hKKsb1910.exe
    2008-01-25 10:05 . 2008-01-25 10:05 36,864 –a—— C:\WINDOWS\mrofinu572.exe.tmp
    2008-01-25 10:04 . 2008-01-25 10:04 <DIR> d——– C:\WINDOWS\system32\nGpxx01
    2008-01-25 10:04 . 2008-01-25 10:04 <DIR> d——– C:\temp\cXzz9

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 10:12 ——— d—–w C:\Program Files\Hewlett-Packard
    2008-01-28 14:49 ——— d—–w C:\Program Files\Zylom Games
    2008-01-20 18:54 ——— d—–w C:\Documents and Settings\HP_Eigenaar\Application Data\U3
    2007-12-04 14:56 93,264 —-a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 —-a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 —-a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 —-a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 —-a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-15 08:27 40,328 —-a-w C:\Documents and Settings\HP_Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-01 07:57 516 —-a-w C:\Documents and Settings\HP_Eigenaar\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-04-13 10:25 18576936]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:47 659456]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-09 22:09 286720]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 20:23 4603904]
    "nwiz"="nwiz.exe" [2004-09-29 20:23 921600 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer"="VTTimer.exe" []
    "SiSPower"="SiSPower.dll" [2004-09-24 09:49 49152 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-01 13:58 98304]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32 74308]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]

    S2 hpdj3600;hpdj3600;C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\hpdj3600.exe -servicerunning=true -uninstall=hp deskjet 3600 series []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed60d06c-02b3-11dc-8146-0011d8ad1941}]
    \Shell\AutoRun\command - F:\loader.exe

    *Newly Created Service* - HPDJ3600
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 13:37:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-01-29 13:41:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-29 12:41:24
    .
    2008-01-09 10:55:29 — E O F —
  • Download and install CCleaner
    (The CCleaner Yahoo Toolbar is not needed)

    Start CCleaner
    CCleaner lets you set what should be cleaned up.
    In any case choose the following items:
    Internet Explorer:
    - Temporary Internet files
    System:
    - Empty Recycle Bin
    - Temporary files

    Now click Run Cleaner in CCleaner (bottom right).

    Let me know how things are going now.
  • Dear Juisterr,

    I did once more what you wrote to me. I had CCleaner clean up everything.
    Then I ran my virus scanner Avast again and it found no more infected files.

    A thousand thanks, and if I ever run into you at your little place on the coast in Zuid-Holland, we'll have a drink (or more) together!

    Chris

This is an archived page. Replying is no longer possible.